I'm developing a Docker infrastructure with Ansible and Docker Compose and I have a problem with my custom image of Gitea. I want to use a custom image because I need to implement authentication via LDAP. The error that I get inside the container log is:
sudo: unknown user: gitea
sudo: error initializing audit plugin sudoers_audit
This is my configuration:
app.ini (of Gitea)
[DEFAULT]
RUN_USER = git
RUN_MODE = prod
...
[database]
PATH = /data/gitea/gitea.db
DB_TYPE = postgres
HOST = db:5432
NAME = gitea
USER = gitea
PASSWD = gitea
LOG_SQL = false
...
Dockerfile
FROM gitea/gitea:1.16.8
RUN apk add sudo
RUN chmod 777 /home
COPY entrypoint /usr/bin/custom_entrypoint
COPY gitea-cli.sh /usr/bin/gitea-cli.sh
ENTRYPOINT /usr/bin/custom_entrypoint
entrypoint
#!/bin/sh
set -e
echo 'Started entrypoint'
while ! nc -z $GITEA__database__HOST; do sleep 1; done;
echo 'Starting operations'
gitea-cli.sh migrate
>- gitea-cli.sh admin auth add-ldap --name ansible-ldap --host 127.0.0.1 --port 1389 --security-protocol unencrypted --user-search-base dc=ldap,dc=vcc,dc=unige,dc=it --admin-filter "(objectClass=giteaAdmin)" --user-filter "(&(objectClass=inetOrgPerson)(uid=%s))" --username-attribute uid --firstname-attribute givenName --surname-attribute surname --email-attribute mail --bind-dn cn=admin,dc=ldap,dc=vcc,dc=unige,dc=it --bind-password admin --allow-deactivate-all
echo 'Ending entrypoint'
gitea-cli.sh
#!/bin/sh
echo 'Started gitea-cli'
USER=git HOME=/home/gitea GITEA_WORK_DIR=/var/lib/gitea sudo -E -u git gitea --config /data/gitea/conf/app.ini "$@"
docker-compose.yaml
db:
  image: postgres:14.3
  restart: always
  hostname: db
  environment:
    POSTGRES_DB: gitea
    POSTGRES_USER: gitea
    POSTGRES_PASSWORD: gitea
  ports:
    - 5432:5432
  volumes:
    - /data/postgres:/var/lib/postgresql/data
  networks:
    - vcc
openldap:
  image: bitnami/openldap:2.5
  ports:
    - 1389:1389
    - 1636:1636
  environment:
    BITNAMI_DEBUG: "true"
    LDAP_LOGLEVEL: 4
    LDAP_ADMIN_USERNAME: admin
    LDAP_ADMIN_PASSWORD: admin
    LDAP_ROOT: dc=ldap,dc=vcc,dc=unige,dc=it
    LDAP_CUSTOM_LDIF_DIR: /bitnami/openldap/backup
    LDAP_CUSTOM_SCHEMA_FILE: /bitnami/openldap/schema/schema.ldif
  volumes:
    - /data/openldap/:/bitnami/openldap
  networks:
    - vcc
gitea:
  image: 127.0.0.1:5000/custom_gitea:51
  restart: always
  hostname: git.localdomain
  build: /data/gitea/custom
  ports:
    - 4000:4000
    - 222:22
  environment:
    USER: git
    USER_UID: 1000
    USER_GID: 1000
    GITEA__database__DB_TYPE: postgres
    GITEA__database__HOST: db:5432
    GITEA__database__NAME: gitea
    GITEA__database__USER: gitea
    GITEA__database__PASSWD: gitea
    GITEA__security__INSTALL_LOCK: "true"
    GITEA__security__SECRET_KEY: XQolFkmSxJWhxkZrkrGbPDbVrEwiZshnzPOY
  volumes:
    - /data/gitea:/data
    - /etc/timezone:/etc/timezone:ro
    - /etc/localtime:/etc/localtime:ro
    - /data/gitea/app.ini:/data/gitea/conf/app.ini
  # deploy:
  #   mode: global
  depends_on:
    - db
    - openldap
    - openldap_admin
  networks:
    - vcc
User gitea simply doesn't exist in the image.
docker run -it --rm --entrypoint /bin/sh gitea/gitea:1.16.8
/ # grep gitea /etc/shadow
/ # grep gitea /etc/passwd
/ #
The default user is git:
docker run -it --rm --entrypoint /bin/sh gitea/gitea:1.16.8
/ # tail -1 /etc/passwd
git:x:1000:1000:Linux User,,,:/data/git:/bin/bash
/ #
There are two solutions:
1. Just add adduser in your Dockerfile and it should work:
FROM gitea/gitea:1.16.8
RUN adduser -D -s /bin/bash gitea # <---- HERE
RUN apk add sudo
COPY entrypoint /usr/bin/custom_entrypoint
COPY gitea-cli.sh /usr/bin/gitea-cli.sh
ENTRYPOINT /usr/bin/custom_entrypoint
You'll also have to change the USER_UID and USER_GID to 1001 (user 1000 is git).
2. Just replace user gitea with git in the gitea service of the dockerfile and in the app.ini.
After that, if you have an error like:
error saving to custom config: open /data/gitea/conf/app.ini permission denied
You have to add chown -R 1000:1000 /data/gitea/conf before gitea-cli.sh migrate in entrypoint.
Because you share a volume between the host and the container, this will work only if your host user has UID 1000. If not, you will have to modify the gitea service in the docker-compose.yml.
Example with a user id of 1002:
docker-compose.yml:
gitea:
  image: 127.0.0.1:5000/custom_gitea:51
  restart: always
  [...]
  environment:
    USER: git
    USER_UID: 1002
    USER_GID: 1002
  [...]
  user: 1002:1002 # <----- HERE
and before the ENTRYPOINT in the dockerfile:
USER git
ENTRYPOINT ....
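
A preflight check for the entrypoint that catches both failures covered in this answer before gitea-cli.sh runs: a sudo target user missing from /etc/passwd, and a bind-mounted config directory owned by a different UID. This is an added example, not code from the original post; the function names, exit codes and the demo user "me" are assumptions.

```shell
#!/bin/sh
# Added example: preflight checks for an entrypoint that drops to a service
# user with `sudo -u`. Function names and exit codes are assumptions.

# Print the UID of user $1 from passwd-format file $2; exit 1 if absent.
passwd_uid() {
    awk -F: -v u="$1" '$1 == u { print $3; found = 1; exit }
                       END { exit !found }' "$2"
}

# Print the numeric owner UID of path $1 (ls -n is POSIX; avoids stat flags).
owner_uid() {
    ls -ldn "$1" | awk '{ print $3 }'
}

# preflight USER PASSWD_FILE DIR
# 0: user exists and owns DIR; 2: user missing; 3: DIR owned by another UID.
preflight() {
    uid=$(passwd_uid "$1" "$2") || {
        echo "preflight: user '$1' not in $2" >&2
        return 2
    }
    owner=$(owner_uid "$3")
    if [ "$owner" != "$uid" ]; then
        echo "preflight: $3 owned by UID $owner, '$1' is UID $uid" >&2
        return 3
    fi
    echo "preflight: ok, '$1' (UID $uid) owns $3"
}

# Constructed demo: a passwd file holding the image's git entry plus an entry
# (hypothetical name "me") for whoever runs this script, and a scratch dir.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' 'git:x:1000:1000:Linux User,,,:/data/git:/bin/bash' \
        "me:x:$(id -u):$(id -g)::/nonexistent:/bin/sh" > "$tmp/passwd"
    mkdir "$tmp/conf"
    for u in gitea me; do
        rc=0
        preflight "$u" "$tmp/passwd" "$tmp/conf" || rc=$?
        echo "$u -> exit $rc"
    done
    rm -rf "$tmp"
}
demo
```

In the container the call would be `preflight git /etc/passwd /data/gitea/conf`, placed before `gitea-cli.sh migrate`.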